DETAILED ACTION

This Office Action is in response to Applicant's Remarks and Amendments filed 
February 13, 2009. 

Claims 4, 13-14, and 18 remain cancelled. 
Claims 1, 10, and 17 are amended.

Claims 1-3, 5-12, 15-17, and 19-22 are pending and herein considered. 

Response to Arguments 

Applicant's arguments filed February 13, 2009 have been fully considered but 
they are not persuasive. 

Applicant's first set of arguments are directed towards Gadish's alleged failure to 
recite "a system for detecting improper requests." The Examiner respectfully disagrees, 
calling attention to column 2 wherein Gadish discloses "replacing an error message with 
a non-error message when a query is non-resolvable." While Applicant argues that this 
teaching fails to include the detection of improper requests, the Examiner would like to 
point out that in order to replace an error-message it is necessary for the system to 
detect that error to begin with. Further support for the Examiner's position may be found 
in lines 24-29 of column 2 wherein Gadish discloses the option of either replacing the 
error message once it has already been generated, or implicitly generating the error 
message in response to the non-resolvable query. In order for Gadish to respond 
directly with his "non-error" message it is necessary for him to detect the unresolvable 
query (improper request). Furthermore, while Applicant has in his response referred
to lines 36-39 of column 2, conspicuously absent from his response is any mention of
lines 39-45 of the same column and cited by the Examiner, wherein Gadish discloses a
server device "for receiving the query and for determining whether the query is
resolvable by the server device, such that if the query is nonresolvable, the server
device generates the error message" and "a non-error message generator for
intercepting the error message and for altering at least a portion of the error message to
form the non-error message." It is clear from the above mentioned passages in view of
the reference in its entirety that Gadish does in fact provide for a system for detecting
improper requests.

Applicant's next set of remarks are directed towards Gadish's alleged failure to 
teach or suggest wherein a request is deemed improper if a message body associated 
with the request has zero length. The Examiner respectfully disagrees, drawing
attention to column 2 lines 30-35, column 4 lines 56-61 and column 5 line 62 through
column 6 line 4 wherein Gadish discloses the versatility of his system including its use
with UDP/IP, HTTP, FTP, TCP/IP, Telnet and Ping. Gadish goes on in column 6 to
disclose the variety of headers and fields which are to be examined in order to 
determine whether or not an individual packet is improper according to a particular 
system. It is based upon the abovementioned sections in view of the reference in its 
entirety that the Examiner maintains her rejection of claim 1 in view of Gadish insofar as 
Gadish provides for detecting improper requests based upon an examination of header 
and body fields of a particular packet. 

Applicant's remarks regarding independent claims 10 and 17 are based upon
those given above with respect to claim 1, and are unpersuasive for substantially the
same reasons as given above with regards to claim 1.

It is in view of the above-made arguments and the reference in its entirety that 
the Examiner maintains her rejection of claims 1-3, 5-12, 15-17, and 19-22 under 35
U.S.C. 102(b) as being anticipated by US Patent No. 6,202,087 B1 to Ofer Gadish.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-3, 5-12, 15-17, and 19-22 are rejected under 35 U.S.C. 102(b) as 
being anticipated by US Patent No. 6,202,087 B1 to Ofer Gadish. 

As per claim 1, Gadish teaches a system including a computer hardware device 
for addressing denial of service attacks directed at a web resource, comprising a 
system for detecting improper requests; and a system for responding to improper 
requests that issues an HTTP "OK" response code when improper request is detected, 
wherein a request is deemed improper if a message body associated with the request 
has a zero length (col.2 lines 36-48, 61-65). 

As per claim 2, Gadish teaches wherein the system for responding stops issuing
HTTP "OK" response codes and issues no response after a predetermined number of 
improper requests are detected (col. 5 line 48 thru col. 6 line 7). 

As per claim 3, Gadish teaches wherein a request is deemed improper if the 
request is received from an unexpected host (col. 2 lines 29-35; col.4 lines 56-61). 

As per claim 5, Gadish teaches wherein a request is deemed improper if an 
HTTP "post" or an HTTP "get" command is expected and neither an HTTP "post" nor an 
HTTP "get" command is received (col.2 lines 29-35; col.4 lines 56-61). 

As per claim 6, Gadish teaches wherein a request is deemed improper if the 
request includes a HTTP "post" or "get" command with unknown arguments (col.2 lines 
29-35; col.4 lines 56-61). 

As per claim 7, Gadish teaches wherein the HTTP "OK" response code 
comprises an HTTP 204 "OK" message code (col.5 line 23 thru col. 6 line 19). 

As per claim 8, Gadish teaches wherein the system for responding to improper 
requests includes a response protocol that utilizes a standard error handling procedure 
for a first improper request from a requesting resource, issues an HTTP OK response 
code for N subsequent improper requests from the requesting resource, and then stops
responding to the requesting resource altogether (col. 5 line 23 thru col. 6 line 19). 

As per claim 9, Gadish teaches wherein the web resource comprises a server 
(col. 2 lines 7-35).

As per claim 10, Gadish teaches a method for addressing denial of service 
attacks directed at a web resource, comprising at least one computing device for
processing the steps of: 

receiving messages at the web resource and analyzing each message and 
determining if the message is improper, wherein a message is deemed improper if the 
message is neither an HTTP "post" nor an HTTP "get" command when one of these 
commands is expected, or the message includes a HTTP "post" or "get" command with 
unknown arguments (col. 2 lines 29-48; col.4 lines 56-61);

storing the source address of a message if the message is improper and 
responding to a first improper message from an identified source address with an HTTP 
error response (col. 5 line 23 thru col. 6 line 19); 

responding to a set of subsequent improper messages from the identified source 
address with HTTP "OK" response codes (col. 5 line 23 thru col. 6 line 19); 

and stopping responses to the identified source address for all received improper 
messages after the set of subsequent improper messages have been responded to 
(col.5 line 23 thru col.6 line 19). 

As per claim 11, Gadish teaches wherein a message is deemed improper if the
message is received from an unexpected host (col. 2 lines 29-35; col.4 lines 56-61). 

As per claim 12, Gadish teaches wherein a message is deemed improper if a 
message body associated with the request has a zero length (col. 2 lines 36-48, 61-65). 

As per claim 15, Gadish teaches wherein the HTTP "OK" response code 
comprises an HTTP 204 "OK" message code (col. 5 line 23 thru col. 6 line 19). 

As per claim 16, Gadish teaches wherein the HTTP "OK" response comprises 
an HTTP 200 "OK" message code (col. 5 line 23 thru col. 6 line 19). 

As per claim 17, Gadish teaches a computer readable medium storing a 
program product for addressing denial of service attacks directed at a web resource, 
comprising computer readable program code for performing the steps of: 

receiving messages at the web resource and means for analyzing each message 
and determining if the message is improper (col. 2 lines 29-48; col.4 lines 56-61); 

storing the source address of a message if the message is improper and means 
for responding to a first improper message from an identified source address with an 
HTTP error response (col. 5 line 23 thru col.6 line 19); 

responding to a first predetermined number of subsequent improper messages
from the identified source address with HTTP "OK" response codes (col. 5 line 23 thru
col.6 line 19); and

stopping responses to the identified source address after a second
predetermined number of subsequent improper messages have been received (col. 5 
line 23 thru col.6 line 19). 

As per claim 19, Gadish teaches wherein a message is deemed improper if the 
message is received from an unexpected host; if the message has a zero length; if the 
message is neither an expected HTTP "post" nor an expected HTTP "get" command 
(col. 2 lines 29-35; col.4 lines 56-61); or if the message includes a HTTP "post" or "get"
command with unknown arguments (col.2 lines 29-35; col.4 lines 56-61). 

As per claim 20, Gadish teaches wherein the HTTP "OK" response codes 
comprise HTTP 204 "OK" response codes (col.5 line 23 thru col.6 line 19). 

As per claim 21, Gadish teaches wherein messages that are deemed proper are 
passed to the web resource for further processing (col.2 lines 7-35). 

As per claim 22, Gadish teaches wherein the web resource is a web server 
(col.2 lines 7-35). 

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571)
272-4241. The examiner can normally be reached on Mon-Fri 8-4:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Tamara Teslovich/ 
Examiner, Art Unit 2437 



/Emmanuel L. Moise/
Supervisory Patent Examiner, Art Unit 2437



